On Tue, Sep 18, 2018 at 10:36 AM Job Snijders <job@ntt.net> wrote:
Owen,
On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote:
Personally, since all RPKI accomplishes is providing a cryptographically signed notation of origin ASNs that hijackers should prepend to their announcements in order to create an aura of credibility, I think we should stop throwing resources down this rathole. I think you underestimate how valuable RPKI based Origin Validation (even just by itself) is in today's Internet landscape.
If you are aware of other efforts or more fruitful approaches please let us know.
Perhaps said another way: "How would you figure out what prefixes your bgp peer(s) should be sending you?" (in an automatable, and verifiable manner) -chris